Backend Considerations
I have been developing a mobile app using Xcode and Swift 3 for a while now, and I have been very focused on developing scalable and robust back ends on multiple servers using different services. Loads of experts say you only have two chances to keep users engaged before they leave your app because of slow performance or silly error messages. Part of having a trustworthy app is giving users true error messages when errors pop up. This involves testing and developing for each error scenario.
I have tried to guess every possible failure point and use HTTP status codes in my app API to inform the user of reasons why something has failed (not just a success/fail).
A typical API for my app returns these possible HTTP error status codes:
- 400 – No Body.
- 401 – Invalid payload (automatically validated multiple ways using node modules like validator).
- 402 – Invalid input payload (manually validated by my code).
- 403 – Backend NoSQL database down.
- 404 – Invalid User
- 405 – Query returned no results from back end NoSQL database
- 406 – Invalid Output Payload (from various sources).
- 407 – User has reached max queries in xx minutes.
- 408 – Invalid Request
- etc
I use http://keymetrics.io to monitor my node processes, custom code to notify me when things go down, and the node package winston to log anything for later review. I am happy with the throughput, even with the excessive logging and access controls, and I am now moving on to the front end of my application.
Front End
I decided to use Swift 3 in Xcode 8.2.1 to talk to my JSON API. I am using the Alamofire networking module in Xcode to handle the network stack (as pure Swift 3 networking code was horrid).
Tip: I had issues with CocoaPods to manage the installation of Alamofire so I ended up dropping it and installing it manually.
Once I had set up my API, I wrote the code below to query it (‘/appname/api/v1/login/’) and process the data returned.
```swift
import UIKit
import Alamofire

// The code below runs inside a method of the login view controller.
let parameters: Parameters = [
    "email": "\(sUsername)",
    "password": "\(sEncryptedHashedPassword)"
]

let headers: HTTPHeaders = [
    "x-access-token": "\(sSingleUseUserAccessToken)",
    "Content-Type": "application/json",
    "Accept": "application/json",
    "DNT": "1 (Do Not Track Enabled)"
]

let theAPIURL = globalSettings.API_LOGIN_PAGE

Alamofire.request("\(theAPIURL!)", method: .post, parameters: parameters, encoding: JSONEncoding.default, headers: headers)
    .validate(statusCode: 200..<201)
    .validate(contentType: ["application/json"])
    .responseData { response in
        switch response.result {
        case .success(let data):
            // Debug
            print("Login Success (200)")
            print("response.request: \(response.request)")   // original URL request
            print("response.response: \(response.response)") // HTTP URL response
            print("response.data: \(response.data)")         // server data
            print("result: \(response.result)")              // result of response serialization
            print("Login Time: \(response.timeline)")        // time

            // Processing Successful Login.
            // A malformed payload becomes an empty dictionary, so the checks below
            // report it as an error instead of crashing on a forced cast.
            let json = (try? JSONSerialization.jsonObject(with: data)) as? [String: Any] ?? [:]

            // Debug Return Payload
            print(json)

            // Unwrapping Payload Preferences
            // Assume the App Loads OK (Checks below)
            var local_LoadedOk = "Yes"
            var local_LoadedNotOKMessage = "Unknown Error"

            // API Payload Validation
            var local_LoginChecksPassingOK = true

            // Get the user's guid from the API Payload (simple validation)
            var local_f_guid = json["f_guid"] as? String ?? ""
            print("local_f_guid: \(local_f_guid)")
            if local_f_guid != "" {
                // Is the guid the right length?
                if local_f_guid.characters.count == 36 {
                    // ok
                    print(" - guid ok")
                } else {
                    local_f_guid = ""
                    // Login guid is the wrong length
                    local_LoginChecksPassingOK = false
                    local_LoadedOk = "No"
                    local_LoadedNotOKMessage = "There was an error with your account (login guid error). Please contact support (LoginError_001)"
                }
            } else {
                local_f_guid = ""
                // Error Login Guid Missing
                local_LoginChecksPassingOK = false
                local_LoadedOk = "No"
                local_LoadedNotOKMessage = "There was an error with your account (login guid error). Please contact support (LoginError_002)"
            }

            // Get Username from API Payload
            var local_Username = json["Username"] as? String ?? ""
            print("local_Username: \(local_Username)")
            if (local_LoginChecksPassingOK == true) {
                print("login validation ok so far")
                // Get Username
                if local_Username != "" {
                    // Check the username is not empty
                    if local_Username.characters.count > 0 {
                        // ok
                        print(" - username ok")
                    } else {
                        local_Username = ""
                        // Username Empty
                        local_LoginChecksPassingOK = false
                        local_LoadedOk = "No"
                        local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_003)"
                    }
                } else {
                    local_Username = ""
                    // Username Empty
                    local_LoginChecksPassingOK = false
                    local_LoadedOk = "No"
                    local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_004)"
                }
            }

            // Get Email from API Payload
            var local_Email = json["Email"] as? String ?? ""
            print("local_Email: \(local_Email)")
            if (local_LoginChecksPassingOK == true) {
                if local_Email != "" {
                    // Check Email for @ symbol
                    if local_Email.contains("@") == true {
                        print(" - email ok")
                    } else {
                        local_Email = ""
                        // Email has no @ symbol
                        local_LoginChecksPassingOK = false
                        local_LoadedOk = "No"
                        local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_005)"
                    }
                } else {
                    local_Email = ""
                    // Email Empty
                    local_LoginChecksPassingOK = false
                    local_LoadedOk = "No"
                    local_LoadedNotOKMessage = "There was an error with your account (email invalid). Please contact support (LoginError_006)"
                }
            }

            // Was there an Error Loading or Saving
            // ... Code Removed

            // Unload other values
            // ... Code Removed

            // Save Preferences
            // ... Code Removed

            self.loginActivityIndicator.stopAnimating()

            // Redirect Back to Main View
            self.lblLoginProcessing.text = "Returning to the Main Screen........."
            let vc = ( self.storyboard?.instantiateViewController( withIdentifier: "mainViewController") )!
            //vc.view.backgroundColor = UIColor.orange()
            vc.modalTransitionStyle = .crossDissolve
            self.present(vc, animated: true, completion: nil)

        case .failure(let error):
            var sErrorTitle = ""
            var sErrorBody = ""

            print(" - Login Error")
            print(" - - \(error._code)")
            print(" - - \(error)")

            // One else-if chain, so the timeout message is not overwritten by the final else.
            if error._code == NSURLErrorTimedOut {
                // timeout
                print("Error: Server Timeout (NSURLErrorTimedOut)")
                sErrorTitle = "Server Timeout"
                sErrorBody = "The login server timed out.\r\n\r\n Error: \(error)"
            } else if response.response?.statusCode == 402 {
                print("Error: Invalid Password (402)")
                sErrorTitle = "Invalid Password"
                sErrorBody = "The password you entered was invalid.\r\n\r\n Error: \(error)"
            } else if response.response?.statusCode == 403 {
                print("Error: Unknown Account (403)")
                sErrorTitle = "Unknown Account"
                sErrorBody = "The account you entered was not found.\r\n\r\n Error: \(error)"
            } else if response.response?.statusCode == 408 {
                print("Error: Server Timeout2 (NSURLErrorTimedOut)")
                sErrorTitle = "Server Timeout2"
                sErrorBody = "The login server timed out.\r\n\r\n Error: \(error)"
            } else if response.response?.statusCode == 499 {
                print("Error: Invalid or missing token, please update your app (499) ")
                sErrorTitle = "Invalid Version"
                sErrorBody = "The app token was invalid (or outdated), please update your app and try again.\r\n\r\n Error: \(error)"
            } else if response.response?.statusCode == 503 {
                print("Error: Database Read Error")
                sErrorTitle = "Server Error (503)"
                sErrorBody = "The server cannot process your login at this time (Error 503).\r\n\r\n Error: \(error)"
            } else if response.response?.statusCode == 504 {
                print("Error: Database Write Error (504)")
                sErrorTitle = "Server Error"
                sErrorBody = "The server cannot process your login at this time (Error 504).\r\n\r\n Error: \(error)"
            } else {
                print("Unknown Error (\(response.response?.statusCode))")
                sErrorTitle = "Unable to login"
                sErrorBody = "The App was unable to login. Please check your mobile and or wifi settings and try again."
                //sErrorBody = "There was an unknown error loging in (Error (\(response.response?.statusCode))\r\n\r\n Error: \(error)"
            }

            self.loginActivityIndicator.stopAnimating()
            self.resignFirstResponder()

            // Show the error alert and dismiss it after 5 seconds
            let alert = UIAlertController(title: "\(sErrorTitle)", message: "\(sErrorBody)", preferredStyle: .alert)
            self.present(alert, animated: true, completion: nil)
            let when = DispatchTime.now() + 5
            DispatchQueue.main.asyncAfter(deadline: when) {
                alert.dismiss(animated: true, completion: nil)
            }
        }
    }
```
Everything is working like a real app. If I enter valid credentials my app logs me in.
If I enter incorrect credentials I get an error.
If I stop my Node login service and try and log in I get an appropriate error message.
Simulating full or partial network request failures on different endpoints
I checked the iOS Simulator (10.0 running iOS 10.2) that comes with Xcode 8.2.1 to find a way to turn off the network to the simulator, and I could not find an option.
The iOS Simulator lacks the usual Wifi and Mobile configuration options found on iOS devices.
Xcode Simulator is lacking network control features.
Xcode allows me to see the network stats within my app but not adjust the network layer status.
Like all good developers, I opened Google and typed “Is it possible to disable the network in iOS Simulator?” and found many solutions on how to disable the network in the simulator, like:
- Close the simulator, disconnect from the internet, start XCode and your project and simulator and then connect to the network (that way the simulator stays disconnected until the simulator reboots). – This does not work.
- “Build a simple Faraday cage to block or limit the external RF signal level”.
- “Create a walk-in Faraday cage with a desk inside, the Mac will be much easier to work with”.
I did not want to spend minutes disconnecting and reconnecting to the internet or build a Faraday cage, so I took Felix’s advice and downloaded an application for OS X called Little Snitch from Objective Development.
Little Snitch
Reading the Little Snitch website the software reminds me of the good old days of controlling everything before Operating System Vendors buried these features.
Snip: “Whenever an application attempts to connect to a server on the Internet, Little Snitch shows a connection alert, allowing you to decide whether to allow or deny the connection. Your decision gets stored as a rule which will automatically be applied to future, similar connection attempts from the same application.”
Time to give Little Snitch a go; $34.95 is a bargain if it works as well as it says it does.
Little Snitch
Little Snitch took 5 mins to install (low level). After it rebooted the Little Snitch Configuration program popped up.
Little Snitch – System Tray Options were available too.
Default Configuration (will take a number of minutes).
Little Snitch was now prompting me to approve many network connections for background apps. Currently, as we speak, MongoDB and AWS Elasticsearch servers are being hit with ransomware. I might be patient and manually approve every process wanting to use my network with Little Snitch.
I opened many apps and responded to the network access prompts when the apps tried to talk to the network.
Manually invoking an application to use the network (software update) results in an approval pop-up.
After a number of minutes reviewing app network permissions, I loaded up the Little Snitch Network Monitor. Nice.
The Network Monitor is handy for reviewing in real-time what is happening on your Network/Machine.
Note: My BitDefender is rather busy.
I have digressed; let’s see if Little Snitch can block my iOS app to assist with debugging APIs.
Blocking iOS Simulator Traffic with Little Snitch
Xcode itself wanted access to the internet before I opened my project.
As soon as I started the Xcode iOS Simulator I blocked all simulator related processes (I can turn it back on later).
Tip: I just found out that if you move the mouse above the Forever button in the dark grey area you can view more information.
I blocked the following iOS Simulator related processes from making any connection forever.
Now to start my app on the simulator from Xcode and invoke a network call and see if we can block it to trigger my error pop-up. Yes, I was able to block the iOS Simulated app with Little Snitch 🙂
I received this “correct” error in my app. Excellent, now I can customize the error messages in my app.
🙂
The eagle-eyed will notice that the error message above is the same as when I turned off the Node server that handles the login. Now I need to add some code in Xcode to detect “Is Wifi Network Up”, “Is Mobile Network Up”, “Can Access Network” and “Can Ping Server” etc. This would provide true error messages and not leave the user in any doubt as to what the problem was.
If it was their device blocking my app they need a different message to one that reports a general data connection error or server down error.
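One way to separate these cases, as an added example that is not the author's code: when no HTTP status came back, read the URL loading system's error code instead of falling through to a single generic message. The names LoginFailure, classifyLoginFailure and loginAlertText are hypothetical, and telling Wi-Fi from mobile data would additionally need a reachability check that is not shown here.

```swift
import Foundation

// Added example, not the author's code; all type and function names are hypothetical.
enum LoginFailure {
    case deviceOffline      // device has no usable Wi-Fi or mobile data route
    case serverUnreachable  // host lookup or connect failed before any HTTP reply
    case timedOut           // request was sent but no reply arrived in time
    case connectionDropped  // connection was lost part-way through
    case api(status: Int)   // the API replied with a non-200 status code
    case unknown
}

func classifyLoginFailure(error: Error, statusCode: Int?) -> LoginFailure {
    // Any HTTP status means the request reached the API, so the network path works.
    if let status = statusCode { return .api(status: status) }
    let nsError = error as NSError
    guard nsError.domain == NSURLErrorDomain else { return .unknown }
    switch nsError.code {
    case NSURLErrorNotConnectedToInternet, NSURLErrorDataNotAllowed,
         NSURLErrorInternationalRoamingOff:
        return .deviceOffline
    case NSURLErrorCannotFindHost, NSURLErrorDNSLookupFailed,
         NSURLErrorCannotConnectToHost:
        return .serverUnreachable
    case NSURLErrorTimedOut:
        return .timedOut
    case NSURLErrorNetworkConnectionLost:
        return .connectionDropped
    default:
        return .unknown
    }
}

func loginAlertText(for failure: LoginFailure) -> (title: String, body: String) {
    switch failure {
    case .deviceOffline:
        return ("No Connection", "Your device is offline. Check your Wi-Fi or mobile data settings.")
    case .serverUnreachable:
        return ("Server Unreachable", "The login server could not be reached. Please try again shortly.")
    case .timedOut:
        return ("Server Timeout", "The login server took too long to respond.")
    case .connectionDropped:
        return ("Connection Lost", "The connection dropped during login. Please try again.")
    case .api(let status):
        return ("Login Failed", "The server rejected the login (Error \(status)).")
    case .unknown:
        return ("Unable to login", "The app was unable to login. Please try again.")
    }
}
```

In the `.failure` branch of the login request this would be called as `classifyLoginFailure(error: error, statusCode: response.response?.statusCode)`.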
Now how do I enable the blocked network traffic in Little Snitch?
Open the Little Snitch Configuration app.
You can easily see what processes are allowed/blocked and change the setting (double click then change the connection to/from to Allow/Deny).
Summary
As it turns out, I did not need to block the other iOS processes (just my app), so in future I will just Deny or Allow for my app (until quit).
Little Snitch from Objective Development is an awesome app and allows me to block traffic where Xcode would not. As a bonus, it will secure your machine and help keep it safe.
I will update this guide when I learn more about Little Snitch.